<?php
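$page_type = "";
require_once 'header.php';

// Handles the change-password form post: looks up the logged-in client's
// stored password, validates the submitted values, updates the CLIENT row and
// redirects back to update_password.php with a status message.
//
// NOTE(review): the Password column is compared against the raw form value, so
// it appears to hold plaintext. Moving to password_hash()/password_verify()
// needs a data migration and a matching change wherever login checks the
// password, so it is not done in this script.

// Redirects back to the form with one status message and stops the script.
// The message is URL-encoded so spaces, quotes and '!' stay out of the raw
// Location header.
// NOTE(review): update_password.php presumably echoes pass_error/pass_success;
// confirm it HTML-escapes them on output.
$redirect_with = function ($param, $message) {
  header("Location:update_password.php?" . $param . "=" . urlencode($message));
  exit;
};

// Reads a POST field as a string; a missing or non-string (array) field
// becomes '' instead of raising a notice or turning into "Array".
$post_string = function ($key) {
  return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

// Builds an Oracle string literal by doubling embedded single quotes.
// Bind variables (oci_bind_by_name) are the preferred fix, but
// execute_sql_in_oracle() is only ever called here with a finished SQL string,
// so the value has to be made safe before it is concatenated.
$oracle_literal = function ($value) {
  return "'" . str_replace("'", "''", $value) . "'";
};

// Obtain information for the record to be updated
$input_password = $post_string("input_password");
$new_password = $post_string("new_password");
$confirmed_password = $post_string("confirmed_password");

$session_user_id = (isset($_SESSION['user_id']) && is_scalar($_SESSION['user_id']))
  ? (string) $_SESSION['user_id']
  : '';
$client_literal = $oracle_literal($session_user_id);

$sql = "select Client_ID, Password 
        from CLIENT
        where Client_ID=" . $client_literal;

$result_array = execute_sql_in_oracle($sql);
if (!$result_array["flag"]) {
  $redirect_with("pass_error", "Server error. Please try again.");
}

$cursor = $result_array["cursor"];
$values = oci_fetch_array($cursor);
if (!$values) {
  $redirect_with("pass_error", "Account might have been deleted.");
}

// A NULL Password column is treated as an empty string for the comparison.
$old_password = (string) $values[1];
oci_free_statement($cursor);

// Password verification steps for user input.
// Compared with '' rather than empty(), which would also reject the value "0".
if ($new_password === '' || $confirmed_password === '') {
  $redirect_with("pass_error", "New and confirm password can't be blank. Please try again.");
}

// Strict comparison: loose == treats numeric-looking strings such as "0e1"
// and "0e2" as equal.
if ($new_password !== $confirmed_password) {
  $redirect_with("pass_error", "New password entered doesn't match confirm password.");
}

// hash_equals() is a strict, constant-time string comparison.
if (!hash_equals($old_password, $input_password)) {
  $redirect_with("pass_error", "Current password entered doesn't match record. Please try again.");
}

// The new password is user-controlled, so it goes through the same literal
// quoting as the client id before reaching the statement text.
$sql = "update CLIENT set Password=" . $oracle_literal($new_password)
     . " where Client_ID=" . $client_literal;
$result_array = execute_sql_in_oracle($sql);

if (!$result_array["flag"]) {
  $redirect_with("pass_error", "Update password failed! Please try again.");
}

$redirect_with("pass_success", "Password updated successfully!");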
?>